CI/CD integration is coming soon. For early access and custom deployment options, contact our team at contact@bevor.io.

Per-PR Security

Integrate BevorAI into your continuous integration and deployment pipelines to ensure every code change is automatically analyzed for security vulnerabilities. Catch issues early, maintain security standards, and protect your protocol throughout the development lifecycle.

GitHub App

Install the BevorAI GitHub App to automatically scan pull requests and commits without writing any YAML.
  1. Visit the BevorAI GitHub App installation page
  2. Select the organization and repositories to grant access
  3. In the Bevor Dashboard, go to Settings → Integrations and connect your GitHub org
  4. Confirm repository permissions and default scanning rules
The GitHub App is the fastest way to enable PR scanning with minimal setup.

GitHub Actions (YAML)

Add a workflow file at .github/workflows/bevor-security.yml:
name: Bevor Security Scan

on:
  pull_request:
  push:
    branches: [ main ]

jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Start Bevor scan (API)
        env:
          BEVOR_API_KEY: ${{ secrets.BEVOR_API_KEY }}
        run: |
          # --fail makes curl exit non-zero on an HTTP error, so an error
          # body is never saved and later parsed as a scan result
          curl -sS --fail -X POST https://api.bevor.io/scan \
            -H "Authorization: Bearer $BEVOR_API_KEY" \
            -H "Content-Type: application/json" \
            -d '{}' > create-scan.json

      - name: Fetch audit results (API)
        env:
          BEVOR_API_KEY: ${{ secrets.BEVOR_API_KEY }}
        run: |
          # jq -e exits non-zero when .id is missing or null
          AUDIT_ID=$(jq -er '.id' create-scan.json)
          curl -sS --fail -H "Authorization: Bearer $BEVOR_API_KEY" \
            "https://api.bevor.io/audit/$AUDIT_ID" > security-report.json

      - name: Upload report artifact
        uses: actions/upload-artifact@v4
        with:
          name: security-report
          path: security-report.json

      - name: Fail on critical/high findings
        run: |
          CRIT_HIGH=$(jq '[.findings[]? | select((.level|ascii_downcase)=="critical" or (.level|ascii_downcase)=="high")] | length' security-report.json)
          if [ "$CRIT_HIGH" -gt 0 ]; then
            echo "Blocking due to findings: $CRIT_HIGH"
            exit 1
          fi
Required repository secret:
  • BEVOR_API_KEY: Create in the Bevor Dashboard → Settings → API Keys, then add to GitHub repo settings under Secrets and variables → Actions.

Jenkins Pipeline

Add a stage to your Jenkinsfile:
pipeline {
  agent any
  environment {
    BEVOR_API_KEY = credentials('BEVOR_API_KEY')
  }
  stages {
    stage('Checkout') {
      steps { checkout scm }
    }
    stage('Bevor Security Scan') {
      steps {
        // --fail stops the stage on an HTTP error instead of saving the error body as a result
        sh 'curl -sS --fail -X POST https://api.bevor.io/scan -H "Authorization: Bearer $BEVOR_API_KEY" -H "Content-Type: application/json" -d "{}" > create-scan.json'
        // jq -e exits non-zero when .id is missing or null
        sh 'AUDIT_ID=$(jq -er .id create-scan.json); curl -sS --fail -H "Authorization: Bearer $BEVOR_API_KEY" "https://api.bevor.io/audit/$AUDIT_ID" > security-report.json'
        // Triple-quoted string: the jq filter needs single quotes, which a '...' Groovy string cannot hold unescaped
        sh '''
          CRIT_HIGH=$(jq '[.findings[]? | select((.level|ascii_downcase)=="critical" or (.level|ascii_downcase)=="high")] | length' security-report.json)
          if [ "$CRIT_HIGH" -gt 0 ]; then
            echo "Blocking due to findings: $CRIT_HIGH"
            exit 1
          fi
        '''
      }
    }
  }
  post {
    always { archiveArtifacts artifacts: 'security-report.json', onlyIfSuccessful: false }
    failure { echo 'Security scan reported blocking findings' }
  }
}
Store the API key in Jenkins Credentials as a secret text credential named BEVOR_API_KEY (or change the reference above accordingly).

Other CI Systems & Custom Workflows

  • Use the Bevor API in any runner to perform scans and gate builds.
  • For custom integrations, see the API Reference for endpoints, authentication, and examples.
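
The jq gate in the workflows above counts zero findings, and so passes, when security-report.json is a valid JSON error body or has no findings key. The following is an added example (not Bevor's code) of a fail-closed gate that any runner with Python 3 can call on the report file. It assumes only the report shape the page's jq filter implies, a top-level findings array (assumed present even when empty) whose items carry a level string; the sample reports are constructed.

```python
import json
import sys

BLOCKING_LEVELS = {"critical", "high"}
# Constructed samples, not real API output; the `error` key is made up.
SAMPLE_BLOCKING = '{"findings": [{"level": "High"}, {"level": "low"}]}'
SAMPLE_CLEAN = '{"findings": []}'
SAMPLE_ERROR_BODY = '{"error": "unauthorized"}'


class ReportError(Exception):
    """The document cannot be trusted as a scan report."""


def blocking_findings(report_text):
    """Return the critical/high findings; raise ReportError when the text
    is not a report with a `findings` list (assumed present even if empty)."""
    try:
        report = json.loads(report_text)
    except json.JSONDecodeError as exc:
        raise ReportError(f"not valid JSON: {exc}") from exc
    findings = report.get("findings") if isinstance(report, dict) else None
    if not isinstance(findings, list):
        raise ReportError("no 'findings' array")
    blocking = []
    for finding in findings:
        level = finding.get("level") if isinstance(finding, dict) else None
        if not isinstance(level, str):
            raise ReportError(f"finding without a string 'level': {finding!r}")
        if level.lower() in BLOCKING_LEVELS:
            blocking.append(finding)
    return blocking


def gate(report_text):
    """CI exit code: 0 pass, 1 blocking findings, 2 unusable report."""
    try:
        blocking = blocking_findings(report_text)
    except ReportError as exc:
        print(f"Blocking: report unusable ({exc})", file=sys.stderr)
        return 2
    if blocking:
        print(f"Blocking due to findings: {len(blocking)}", file=sys.stderr)
    return 1 if blocking else 0


if __name__ == "__main__":
    with open(sys.argv[1]) as fh:  # e.g. security-report.json
        sys.exit(gate(fh.read()))
```

The distinct exit code 2 lets a pipeline tell "scan found issues" apart from "scan result could not be read", while still failing the build in both cases.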